<a href='https://github.com/angular/angular.js/edit/v1.5.x/docs/content/error/$sce/insecurl.ngdoc?message=docs(error%2Finsecurl)%3A%20describe%20your%20change...' class='improve-docs btn btn-primary'><i class="glyphicon glyphicon-edit">&nbsp;</i>Improve this Doc</a>


<h1>Error: $sce:insecurl
  <div><span class='hint'>Processing of a Resource from Untrusted Source Blocked</span></div>
</h1>

<div>
    <pre class="minerr-errmsg" error-display="Blocked loading resource from url not allowed by $sceDelegate policy.  URL: {0}">Blocked loading resource from url not allowed by $sceDelegate policy.  URL: {0}</pre>
</div>

<h2>Description</h2>
<div class="description">
  <p>AngularJS&#39; <a href="api/ng/service/$sce">Strict Contextual Escaping (SCE)</a> mode (enabled by default) has blocked loading a resource from an insecure URL.</p>
<p>Typically, this would occur if you&#39;re attempting to load an Angular template from an untrusted source.
It&#39;s also possible that a custom directive threw this error for a similar reason.</p>
<p>Angular only loads templates from trusted URLs (by calling <a href="api/ng/service/$sce#getTrustedResourceUrl">$sce.getTrustedResourceUrl</a> on the template URL).</p>
<p>By default, only URLs that belong to the same origin are trusted. These are urls with the same domain, protocol and port as the application document.</p>
<p>The <a href="api/ng/directive/ngInclude">ngInclude</a> directive and <a href="guide/directive">directives</a> that specify a <code>templateUrl</code> require a trusted resource URL.</p>
<p>To load templates from other domains and/or protocols, either adjust the <a href="api/ng/provider/$sceDelegateProvider#resourceUrlWhitelist">whitelist</a>/ <a href="api/ng/provider/$sceDelegateProvider#resourceUrlBlacklist">blacklist</a> or wrap the URL with a call to <a href="api/ng/service/$sce#trustAsResourceUrl">$sce.trustAsResourceUrl</a>.</p>
<p><strong>Note</strong>: The browser&#39;s <a href="https://code.google.com/p/browsersec/wiki/Part2#Same-origin_policy_for_XMLHttpRequest">Same Origin
Policy</a> and
<a href="http://www.w3.org/TR/cors/">Cross-Origin Resource Sharing (CORS)</a> policy apply
that may further restrict whether the template is successfully loaded.  (e.g.  neither cross-domain
requests won&#39;t work on all browsers nor <code>file://</code> requests on some browsers)</p>

</div>


